Learning Paths

Blue Team Tools

  • Number of Courses20 courses
  • Duration10 hours

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the addition of MITRE Shield, you now have a 360 degree view of attack scenarios and the data and capabilities needed to stop them.

Further details on the MITRE Shield framework can be found at https://shield.mitre.org/

Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/

Our blue team tooling courses focus on the use of a specific industry-standard, open source tool to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Knowing what a tool is and how it can be integrated into your overall enterprise security strategy will ultimately lend to your ability as an organization or an individual to defend against specific adversary activity.

Courses in this path

Introduction

The first course in this series discusses the use of open source, blue team tools to fill the gaps in your enterprise security, in turn, enable your information security organization to evolve their capabilities as fast as the threat actors you are defending against.

Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques

  • by Aaron Rosenmund
  • 19m Duration
  •  (14)

Network Analysis

In this section, you will learn about the tools associated with network analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Network Analysis with Arkime

  • by Josh Stroschein
  • 45m Duration

Network Analysis with pfSense

  • by Joe Abraham
  • 38m Duration
  •  (13)

OS Analysis

In this section, you will learn about the tools associated with OS analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

OS Analysis with HELK

  • by Aaron Rosenmund
  • 29m Duration

OS Analysis with RegRipper

  • by Shoaib Arshad
  • 39m Duration
  •  (19)

OS Analysis with Wazuh 4

  • by Zach Roof
  • 37m Duration

OS Analysis with Volatility

  • by Tim Coakley
  • 27m Duration

OS Analysis with The Sleuth Kit & Autopsy

  • by Ashley Pearson
  • 15m Duration

OS Analysis with osquery

  • by Joe Abraham
  • 31m Duration

OS Analysis with OSSEC 3

  • by Michael Edie
  • 24m Duration

Infrastructure Analysis

In this section, you will learn about the tools associated with infrastructure analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Cloud Infrastructure Analysis with Scout Suite

  • by Guillaume Ross
  • 29m Duration

Cloud Infrastructure Analysis with Prowler

  • by Tim Coakley
  • 24m Duration

Container Infrastructure Analysis with kube-hunter

  • by Zach Roof
  • 42m Duration

Container Infrastructure Analysis with Trivy

  • by Zach Roof
  • 49m Duration

File Analysis

In this section, you will learn about the tools associated with file analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

File Analysis with TruffleHog

  • by Tim Coakley
  • 23m Duration

Application Analysis

In this section, you will learn about the tools associated with application analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Application Analysis with Endlessh 1

  • by Laurentiu Raducu
  • 16m Duration

Application Analysis with ModSecurity

  • by Michael Edie
  • 24m Duration

Incident Management

In this section, you will learn about the tools associated with incident management to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Incident Management with TheHive

  • by Nick Mitropoulos
  • 27m Duration

Threat Intelligence

In this section, you will learn about the tools associated with threat intelligence to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Threat Intelligence with MSTICPy

  • by Ian Hellen
  • 33m Duration

Threat Intelligence with MISP

  • by Phil Chapman
  • 21m Duration

Learn with the best

Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more
Josh Stroschein
Josh Stroschein
Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and... more
Joe Abraham
Joe Abraham
Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who ... more
Shoaib Arshad
Shoaib Arshad
Shoaib is a Senior Cyber Security Professional currently based in Saudi Arabia. He has more than a decade of experience in the Information Security domain, and worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant. His certifications include GCCC, GCFE and Lead Auditor for ISO - 27001/22301/20000. He is also a member of the GIAC Advisory Board. Shoaib is passionate about teaching and finds value in sh... more
Zach Roof
Zach Roof
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy... more
Tim Coakley
Tim Coakley
Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at PluralSight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases. Parallel to this Tim ran a research and development business creating solutions from design through to support resulting in some unique and niche software not developed anywhere else. Tim now works fully within t... more
Ashley Pearson
Ashley Pearson
Ashley Pearson is a former system administrator turned threat hunter. She has spent the past 3 years of her 8+ year IT career specializing in cyber security. She currently works as a threat hunter and occasional incident responder or forensic analyst. She continues to feed her passion by actively participating in the InfoSec community, attending conferences, and pursuing higher education. Outside of work, Ashley enjoys running, video games, and reading.
Michael Edie
Michael Edie
Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://... more
Guillaume Ross
Guillaume Ross
Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ... more
Nick Mitropoulos
Nick Mitropoulos
Nick is the CEO of Scarlet Dragonfly and has numerous years of experience in security training, cyber security, incident handling, vulnerability management, security operations, threat intelligence and data loss prevention. He is a certified ISC2 & EC-Council instructor, a GIAC advisory board member, an EC-Council global CISO member, a CEH Hall of Fame holder, a senior IEEE member and has an MSc in Advanced Security and Digital Forensics from Edinburgh Napier University.
Ian Hellen
Ian Hellen
Ian is a Principal Software Engineer in the Microsoft Threat Intelligence Centre (MSTIC). He has worked in security for 20 years and has been with MSTIC for the past 5 years (from infrastructure/network consulting to building compiler plug-ins and authoring detections and detection systems). He's the creator and joint-author/maintainer of MSTICPy - Python CyberSec tools for Jupyter notebooks - and spends most of his time creating notebooks and enhancing and fixing MSTICPy. In the time left over... more
Phil Chapman
Phil Chapman
Phil Chapman is a senior instructor. He is responsible for the delivery of a range of courses including official Microsoft, CompTIA, EC Council and BCS official certifications. He is also the subject matter expert and project lead for the bespoke Law Enforcement Cyber Security training packages which are delivered to UK Law Enforcement agencies and forces. He holds a variety of IT Technical and Security qualifications across many fields. Phil spent 23 years in the Royal Air Force as an Intellige... more

Join our learners and upskill
in leading technologies